#!/bin/bash -x 

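# Site settings come from here: the values the rules below expand (at least
# ipt, basedir, iflink, iplink, qq and pa — see the functions that use them).
# Fail early if the file cannot be sourced or leaves $ipt/$basedir empty: with
# an empty $ipt every "$ipt -P ... DROP" below turns into a failing bare "-P"
# command and the host is left without the intended filtering.
. /etc/firejr/config || { echo "firejr: cannot source /etc/firejr/config" >&2; exit 1; }
: "${ipt:?ipt (path to iptables) must be set in /etc/firejr/config}"
: "${basedir:?basedir (rule-set directory) must be set in /etc/firejr/config}"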

#-------------------------------------------------------------------------------
shutdown()
{
	# Flush every rule in filter/nat/mangle and reset every policy to ACCEPT:
	# after this the host has no packet filtering at all.  The "start" path
	# runs this first and only afterwards sets DROP policies (nega), so there
	# is a short window in which all traffic is accepted.
	local table chain
	for table in filter nat mangle; do
		$ipt -F -t "$table"
	done
	for chain in INPUT FORWARD OUTPUT; do
		$ipt -P "$chain" ACCEPT
	done
	for chain in PREROUTING POSTROUTING OUTPUT; do
		$ipt -t nat -P "$chain" ACCEPT
	done
}
#------------------------------------------------------------------------------
loop()
{
	# Loopback: 127.0.0.1 <-> 127.0.0.1 on lo is accepted in both directions,
	# inserted at the head of INPUT/OUTPUT so it wins over later rules.  Other
	# 127/8 addresses are not matched and fall through to the chain policy.
	local lo_addr=127.0.0.1
	$ipt -I INPUT -i lo -d "$lo_addr" -s "$lo_addr" -j ACCEPT
	$ipt -I OUTPUT -o lo -d "$lo_addr" -s "$lo_addr" -j ACCEPT
}
#------------------------------------------------------------------------------
nega ()
{
	# Default-deny on the three filter chains: anything not explicitly
	# ACCEPTed by the rules added afterwards is dropped.
	local chain
	for chain in INPUT FORWARD OUTPUT; do
		$ipt -P "$chain" DROP
	done
}
#------------------------------------------------------------------------------
dns()
{
	# Outbound DNS over tcp and udp from local ports $pa to port 53 on $qq,
	# plus the matching replies.  $pa and $qq come from /etc/firejr/config —
	# presumably a local port range and a destination network; if $qq is 0/0
	# this allows queries to any resolver, not just the configured ones.
	# Config values stay unquoted, as in the rest of the file.
	local proto
	for proto in tcp udp; do
		$ipt -A OUTPUT -p "$proto" --sport $pa -d $qq --dport 53 -j ACCEPT
		$ipt -A INPUT -p "$proto" -s $qq --sport 53 --dport $pa -j ACCEPT
	done
}
#------------------------------------------------------------------------------
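portas.firewall()
{
	# Open outbound TCP from this host ($iplink on $iflink, local ports $pa)
	# to every destination port listed in $basedir/portas.firewall, plus the
	# matching replies.  Rules are inserted at the head of the chain, so later
	# entries in the file end up in front of earlier ones.
	#
	# The port file is data, not shell: tokens are whitespace separated,
	# anything after '#' on a line is a comment, and a token is used only if
	# it looks like a port, a port range (n:m) or a service name.  Without
	# that check a stray token such as "-j" or "!" would be handed to
	# iptables as an option instead of a port.  Config values ($iflink,
	# $iplink, $qq, $pa) stay unquoted, as in the rest of the file.
	local port_file=$basedir/portas.firewall
	local line tok
	local -a toks
	if [[ ! -r "$port_file" ]]; then
		echo "portas.firewall: cannot read $port_file" >&2
		return 1
	fi
	# "|| [[ -n $line ]]" keeps a last line that has no trailing newline.
	while IFS= read -r line || [[ -n "$line" ]]; do
		line=${line%%#*}
		read -ra toks <<< "$line"
		for tok in "${toks[@]}"; do
			if [[ ! "$tok" =~ ^[A-Za-z0-9][A-Za-z0-9_.:+-]*$ ]]; then
				echo "portas.firewall: ignoring invalid port entry '$tok'" >&2
				continue
			fi
			$ipt -I OUTPUT -o $iflink -p tcp -d $qq --dport "$tok" -s $iplink --sport $pa -j ACCEPT
			$ipt -I INPUT -i $iflink -p tcp -d $iplink --dport $pa -s $qq --sport "$tok" -j ACCEPT
		done
	done < "$port_file"
}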
#-----------------------------------------------------------------------------
dhcp.client()
{
	# DHCP client traffic on $iflink: local port 68 to server port 67 on $qq
	# and the replies, for both tcp and udp.
	# NOTE(review): the rules match on -s/-d $iplink; a first DISCOVER is sent
	# from 0.0.0.0 to the broadcast address and may not match if $iplink is a
	# fixed host address — confirm against the real lease flow.
	# Config values stay unquoted, as in the rest of the file.
	local proto
	for proto in tcp udp; do
		$ipt -A OUTPUT -o $iflink -p "$proto" -s $iplink --sport 68 -d $qq --dport 67 -j ACCEPT
		$ipt -A INPUT -i $iflink -p "$proto" -d $iplink --dport 68 -s $qq --sport 67 -j ACCEPT
	done
}
#-----------------------------------------------------------------------------
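# Entry point: the first argument selects the action.
case "$1" in

	start)
		# Ordering matters: shutdown() flushes and sets ACCEPT policies, so
		# until nega() runs the host is briefly unfiltered.
		shutdown
		nega
		loop
		dns
		dhcp.client
		portas.firewall
		# Service-specific rule sets; each is sourced into this shell and can
		# use the same $ipt/$iflink/$iplink/$qq/$pa values.
		. "$basedir/dhcp.server"
		. "$basedir/email.masq"
		. "$basedir/dns.server"
		. "$basedir/squid"
		. "$basedir/ssh.adm"
		. "$basedir/conectividade_social.fir"
		. "$basedir/apache"
		. "$basedir/ftp.proxy"
#		$ipt -A INPUT -j LOG --log-prefix BLOCK-INPUT-- 		#debug
#		$ipt -A FORWARD -j LOG --log-prefix BLOCK-FORWARD--		#debug
#		$ipt -A OUTPUT -j LOG --log-prefix BLOCK-OUTPUT--		#debug
	;;

	filter)
		clear ; $ipt -L -v -n | less
	;;

	nat)
		clear ; $ipt -t nat -L -v -n
	;;

	mangle)
		clear ; $ipt -t mangle -L -v -n
	;;

	shutdown|stop)
		shutdown
	;;

	icmp)
		# Manual toggle, not part of "start": accepts all ICMP on every chain
		# (FORWARD included) until the next start/shutdown.  Uses $ipt like
		# the rest of the script instead of a bare "iptables".
		$ipt -I INPUT -p icmp -j ACCEPT
		$ipt -I FORWARD -p icmp -j ACCEPT
		$ipt -I OUTPUT -p icmp -j ACCEPT
	;;

	restart)
		"$0" shutdown
		"$0" start
	;;

	*)
		# Unknown or missing action: usage goes to stderr with a non-zero
		# status so callers (init scripts, cron) can tell it apart from success.
		echo "usage: ${0##*/} { start | shutdown | stop | restart | filter | nat | mangle | icmp }" >&2
		exit 2
	;;
esac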



#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
